Data Breach

Slack Data Breach

0 records exposed • December 2022

Hackers stole some Slack employee passwords and used them to download internal code from GitHub. Customer messages were not affected, but it shows how supply chain attacks work.

What Happened

Attackers gained access to Slack private GitHub code repositories through compromised employee tokens. The breach did not affect customer data but exposed internal source code.

Attack method: Compromised third-party vendor

What Data Was Exposed

Private code repositories, Employee tokens

Is your business exposed?

What to Do If You're Affected

1.
No action needed for customers
2.
Review GitHub access tokens if you integrate with Slack

Lessons for Businesses

• Secure CI/CD pipelines and code repositories
• Regularly rotate access tokens
• Third-party integrations can be attack vectors

Sources

https://slack.engineering/an-update-on-slacks-github-repositories-incident/

Related Breaches

Github 2022, Circleci 2023

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required